Hello all, I was recommended by the friendly members of the Elixir Slack not to use JWT for authentication as it’s recently been advised against by most people in the security community.
See here: Stop using JWT for sessions
With respect to using the Guardian library (https://github.com/ueberauth/guardian), I'm confused whether the issue is JSON Web Tokens themselves or whether OAuth2 is the security issue. Does using Phoenix tokens or another token format instead of JWT with the Guardian library solve the security issue?
What is the recommended alternative to JWT?
Is it possible to do server side session authentication with a mobile app?
Note: I am building a Phoenix Web App and API with a companion native mobile app built in Flutter. Stuck on how to authenticate from the mobile app and make requests to the API.
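The question contrasts stateless signed tokens (JWT, Phoenix.Token) with server-side sessions for an API consumed by a mobile app. The following is an added illustration by the editor, not code from the original post, from Guardian or from Phoenix. It is plain Elixir (runs with `elixir sessions.exs`, no Phoenix dependency) and shows both designs side by side: an opaque, server-side session table that a mobile client uses as a bearer token and can be revoked instantly, and a simplified HMAC-signed token in the style of Phoenix.Token that stores nothing but cannot be invalidated early. The module names, the 32-byte secret and the 30-day lifetime are constructed for the example.

```elixir
# Added example (editor's illustration, not code from the original post, Guardian or Phoenix).
# Module names, the secret and the 30-day lifetime are constructed for this example.

defmodule OpaqueSessions do
  # Server-side sessions for an API client. The mobile app stores only a random,
  # meaningless string and sends it as `Authorization: Bearer <token>`; the user id
  # and expiry live on the server, so one session can be revoked immediately.
  use Agent

  @ttl 30 * 24 * 60 * 60

  def start_link(_opts \\ []), do: Agent.start_link(fn -> %{} end, name: __MODULE__)

  # Issue a session. Only the SHA-256 of the token is stored, so a leaked
  # session table does not hand out usable bearer tokens.
  def create(user_id, now \\ now()) do
    token = Base.url_encode64(:crypto.strong_rand_bytes(32), padding: false)
    record = %{user_id: user_id, expires_at: now + @ttl}
    Agent.update(__MODULE__, &Map.put(&1, hash(token), record))
    token
  end

  # Called on every API request to turn the presented bearer token into a user id.
  def authenticate(token, now \\ now()) do
    case Agent.get(__MODULE__, &Map.get(&1, hash(token))) do
      nil -> {:error, :unknown}
      %{expires_at: exp} when exp <= now -> {:error, :expired}
      %{user_id: user_id} -> {:ok, user_id}
    end
  end

  # Logout or "sign out everywhere": delete the record and the token is dead at once.
  def revoke(token), do: Agent.update(__MODULE__, &Map.delete(&1, hash(token)))

  defp hash(token), do: :crypto.hash(:sha256, token)
  defp now, do: System.system_time(:second)
end

defmodule StatelessToken do
  # Simplified version of what a signed token such as Phoenix.Token does:
  # payload plus issued-at time, HMAC-SHA256 under a server secret, lifetime
  # enforced at verify time. Nothing is stored server-side, which is convenient,
  # but no single token can be invalidated early; only rotating the secret
  # (which logs everyone out) can.
  import Bitwise

  @max_age 30 * 24 * 60 * 60

  def sign(secret, user_id, now \\ System.system_time(:second)) do
    payload = :erlang.term_to_binary({user_id, now})
    mac = :crypto.mac(:hmac, :sha256, secret, payload)
    Base.url_encode64(payload <> mac, padding: false)
  end

  def verify(secret, token, now \\ System.system_time(:second)) do
    with {:ok, bin} <- Base.url_decode64(token, padding: false),
         plen when plen > 0 <- byte_size(bin) - 32,
         <<payload::binary-size(plen), mac::binary-size(32)>> <- bin,
         true <- secure_compare(mac, :crypto.mac(:hmac, :sha256, secret, payload)) do
      # Decode only after the MAC has checked out; :safe also refuses to create new atoms.
      {user_id, issued_at} = :erlang.binary_to_term(payload, [:safe])
      if now - issued_at > @max_age, do: {:error, :expired}, else: {:ok, user_id}
    else
      _ -> {:error, :invalid}
    end
  end

  # Constant-time comparison so a forged MAC cannot be guessed byte by byte via timing.
  defp secure_compare(a, b) when byte_size(a) == byte_size(b) do
    a
    |> :crypto.exor(b)
    |> :binary.bin_to_list()
    |> Enum.reduce(0, fn x, acc -> bor(x, acc) end) == 0
  end

  defp secure_compare(_, _), do: false
end

# Demo: the opaque session dies the moment it is revoked ...
{:ok, _} = OpaqueSessions.start_link()
session = OpaqueSessions.create(42)
{:ok, 42} = OpaqueSessions.authenticate(session)
:ok = OpaqueSessions.revoke(session)
{:error, :unknown} = OpaqueSessions.authenticate(session)

# ... while the signed token stays valid until it expires or the secret changes.
secret = :crypto.strong_rand_bytes(32)
signed = StatelessToken.sign(secret, 42)
{:ok, 42} = StatelessToken.verify(secret, signed)
{:error, :expired} = StatelessToken.verify(secret, signed, System.system_time(:second) + 31 * 24 * 60 * 60)
{:error, :invalid} = StatelessToken.verify(secret, signed <> "x")
{:error, :invalid} = StatelessToken.verify(:crypto.strong_rand_bytes(32), signed)
IO.puts("both token designs behave as described")
```

Both designs work for a native mobile client: the app keeps whichever string the server issues in its platform keystore and sends it on every request. The difference the question is really about is revocation and what the token reveals. The opaque session carries no claims, so there is no signature-algorithm or claim-parsing surface, and a stolen or leaked token can be killed by deleting one row; the signed token is self-contained but stays valid until its lifetime runs out. In a real Phoenix app the Agent would be a database or ETS table and the signed-token module would be Phoenix.Token itself.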